Snort mailing list archives
Re: Re: [Snort-devel] IDS vs IPS
From: Dragos Ruiu <dr () kyx net>
Date: Mon, 13 Oct 2003 20:33:24 -0700
Mark. PF is certainly commercial ready. Esp when it's regularly used to replace other rather expensive commercial units that fall over from the traffic load on production sites :-). cheers, --dr sed -e's/IPS/random error injector or worse/' sed -e's/IPS with MSSQL backend/DOS at more than 1k blocks\/sec/' On August 30, 2003 06:08 pm, Jeff Nathan wrote: Stuff
On Saturday, August 30, 2003, at 05:43 PM, Mark Teicher wrote:Rather impressive does not mean it is commercial ready. Commercial Ready means it meets or exceeds he criteria of the definition of the Industry Analysts and can be reviewed by the people who do those rather large network type bake-offs of products and barely understand how the technology works except click "Setup.exe" and pray the Installshield doesn't barf on their system which most likely doesn't meet the vendors stated minimum requirements. How about db's?? How many of the IPS vendors require MSSQL as their databse of choice?? If the IPS vendors require MS SQL as their database backend, that means the IPS management console can't handle an enterprise type organization without having massive horsepower and some sort of distributed console management technology underlying it. How many of the industry reviewers actually review that type of scenario.. ?? I might not even have to take off my shoes to count. Oh better yet, let me get out my abacus.. [/standing on soapbox] Back to my original ranting, GOOD firewall code hasn't been produced in years..In fact, if someone could dig up Wei Xu, Peter Churchill or Brian Reid.. I am sure they could tell you stories about GOOD firewall code, proxy code and the crud they had to put up with. You know there are still Digital Equipment Corporation Firewalls in place at a major bank in NY/NJ area.. (DECSeal at least 20 of them by my last count).. the technology is 10 years old, and no one has broken into them.. Go figure that one out.. no IDS, no IPS.. Actually in fact, I can also name a few other companies that still have Gauntlet firewalls in place.. Was it GOOD firewall code, who knows, but the fact remains, IPS technology is still in its infancy, while Firewalls have been around for almost 15 years, and IDS technology, although not fully matured over 5 years. IPS is less than 30 months old, and everyone single marketing person expels "IPS is the future, firewalls and IDS are dead" OK, marketing people, speak up and tell us who the pure IPS vendors are, not firewall and IDS vendors trying to re-define their space and get some marketing mojo going.. I even cc;ed a marketing person on the list so that they can respond to the hype and defend themselves in this little thread.. C'mon give us the marketing hype and story.. Anyone else from other vendors marketing department listening/reading.. ?? [/slipping off soapbox...] argghhhh, I have fallen underneath the IPS hype and need call the nearest IPS marketing person to get up... P.S. Does this mean I am back to my full lunancy of ranting and raving, not quite sure, but it is fun to be alive again.. Jeff N and Gary C, I owe you two a beer.. /cheers /mark At 06:02 PM 8/30/2003, Jeff Nathan wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark, not entirely true. Dan Hartmeier's packet filter is rather impressive. - -Jeff
-- Top security experts. Cutting edge tools, techniques and information. Tokyo, Japan November, 2003 http://pacsec.jp pgpkey http://dragos.com/ kyxpgp ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Re: [Snort-devel] IDS vs IPS Dragos Ruiu (Oct 15)